Give us your data

“Curiouser and curiouser!” cried Alice. (She was so much surprised, that for the moment she quite forgot how to speak good English.)

Lewis Carroll, Alice in Wonderland

Our lives are getting curiouser and curiouser, wonderfuller and wonderfuller:

We are steadily heading into a brave new world where there’s no privacy whatsoever. And the course we’re on is being maintained from above (through government regulations and the introduction of new norms) and below (through ordinary users revealing information about themselves in social media).

The list of personal information items to be published, revealed and remain accessible has expanded
Effective May 1, 2018, an expanded volume of personal information will be accessible on the Russian government site offering public services. The information includes user-specific data, information about the user’s underage children, user property and portal activity, and data about the use of other public services by users. We can debate what the 'user-specific data' actually includes and who will be able to access the information, but the overall arc of what’s happening is quite clear.

Since January 1, the list of public servants dismissed due to a loss of trust has been publicly available on the Internet.

Companies are keeping up with the trend too. For many of them personal information is just another means to generating a profit. Incidents involving programs requesting permissions they don't really need to perform their tasks are well known, and numerous such examples can be found on the Internet. And when a company is collecting user data "to improve their services", we tend to perceive it as the norm rather than something out of the ordinary. Is there a limit to their appetite for private information?

Flight Sim Labs, which provides various add-ons and services for Microsoft Flight Simulator, came up with a peculiar method for fighting software piracy. The developers incorporated malicious code into their software installer, ostensibly as a defence against piracy. Об этом рассказал ресурс Motherboard.

The file FSLabs_A320X_P3D_v2.0.1.231.exe contains the file Test.exe, which harvests passwords from Chrome’s cache.

Flight Sim Labs' head, Lefteris Kalamaras, responded by explaining that the Chrome Password Dump was deliberately incorporated into the installer, and Test.exe is only triggered if a user activates the add-on using a previously compromised key.

The Test.exe file is part of DRM. It was meant to warn FSLabs developers that an illegal copy of the software is being used.

According to Bleeping Computer, even though the Chrome Password Dump wouldn't be launched on machines running legitimate copies of the add-on, the application was nonetheless meant to collect data without user consent and without a warrant. So the company may now have legal problems.

So if it was the installer itself that collected the information about "pirates" rather than a program that could be extracted from it, then everything would be fine?

Can Test.exe be regarded as malware? Users agree to allow the software to be installed in their systems (it’s typical for many additional components to be installed along with the applications users opt to run). The feature is not described in the documentation—and this is the only thing that Chrome Password Dump and malware have in common. But this can be fixed easily, right?

Dr.Web recommends

We can't remove a feature that is present in an application by design. This is an impossible thing to do, and it’s not something an anti-virus is supposed to do. But if someone builds malicious code into their distribution file, Dr.Web will neutralise it.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

To vote, log in under your account or create an account if you don't have one yet.

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Doctor Web is the Russian developer of Dr.Web anti-virus software. We have been developing our products since 1992. The company is a key player on the Russian market for software that meets the fundamental need of any business — information security. Doctor Web is one of the few anti-virus vendors in the world to have its own technologies to detect and cure malware. Our anti-virus protection system allows the information systems of our customers to be protected from any threats, even those still unknown. Doctor Web was the first company in Russia to offer an anti-virus as a service and, to this day, is still the undisputed Russian market leader in Internet security services for service providers. Doctor Web has received state certificates and awards; our satisfied customers spanning the globe are clear evidence of the high quality of the products created by our talented Russian programmers.